Joao Luis Meloni Assirati wrote:

> I want to know if my point of view is right, or if there is any
> functionality that hosts.{allow,deny} scheme provides which iptables
> can't.
- You have daemon-by-daemon settings instead of port-by-port or protocol-by-protocol.
- The aforementioned 'extra layer of security in case your iptables get cleared'.
- The 'PARANOID' host definition, which matches any host that doesn't have sane DNS-to-reverse-DNS settings.

Bastille does something nice (apt-get install bastille) that I didn't know tcpwrappers could do. I found this in my /etc/hosts.allow after running Bastille's automated setup tool:

ALL : ALL : spawn (/usr/sbin/safe_finger -l @%h | /bin/mail -s "Port Denial noted %d-%h" root) & : DENY
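To make the three points above concrete (daemon-by-daemon matching, the hosts.allow-then-hosts.deny evaluation order, and what PARANOID actually tests), here is an added toy model of the tcp_wrappers decision written for this thread. It is not libwrap and not Bastille's code: the DNS tables, host names and addresses are constructed, the policy text is modelled on the spawn line quoted above, and EXCEPT lists, user@host patterns, twist and most %-expansions are deliberately left out. Spawn commands are expanded into strings and returned, never executed.

```python
"""Toy model of the tcp_wrappers (hosts.allow / hosts.deny) access decision.

Constructed example for this thread; it is not libwrap. It models only the
evaluation order, daemon-by-daemon matching, the PARANOID wildcard and the
ALLOW / DENY / spawn options. Real libwrap also supports EXCEPT lists,
user@host patterns, twist, more %-expansions and other features omitted here.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed DNS view standing in for real lookups: one honest host whose
# reverse name resolves back to its address, and one whose reverse name points
# at a different address (the mismatch PARANOID exists to catch).
REVERSE = {"192.0.2.10": "good.example.com", "192.0.2.20": "liar.example.com"}
FORWARD = {"good.example.com": {"192.0.2.10"}, "liar.example.com": {"198.51.100.5"}}


@dataclass
class Client:
    addr: str

    @property
    def name(self) -> Optional[str]:
        return REVERSE.get(self.addr)

    @property
    def paranoid(self) -> bool:
        # PARANOID: a reverse name exists but does not resolve back to the address.
        return self.name is not None and self.addr not in FORWARD.get(self.name, set())


def parse(text: str) -> List[Tuple[List[str], List[str], List[str]]]:
    """Parse 'daemon_list : client_list [: option ...]' lines (no EXCEPT support)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Naive split: a spawn command containing ':' would need escaping in real libwrap too.
        fields = [f.strip() for f in line.split(":")]
        rules.append((fields[0].split(), fields[1].split(), fields[2:]))
    return rules


def match_client(pattern: str, client: Client) -> bool:
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":
        return client.paranoid
    if pattern == "KNOWN":
        return client.name is not None and not client.paranoid
    if pattern == "UNKNOWN":
        return client.name is None
    if pattern.startswith("."):            # domain suffix, e.g. .example.com
        return client.name is not None and client.name.endswith(pattern)
    if pattern.endswith("."):              # network prefix, e.g. 192.0.2.
        return client.addr.startswith(pattern)
    return pattern in (client.addr, client.name)


def match_daemon(pattern: str, daemon: str) -> bool:
    return pattern == "ALL" or pattern == daemon


def expand(command: str, daemon: str, client: Client) -> str:
    """Expand the %-sequences used in the thread's spawn line (%h, %d) plus %a."""
    return (command.replace("%h", client.name or client.addr)
                   .replace("%a", client.addr)
                   .replace("%d", daemon))


def decide(daemon: str, client: Client, hosts_allow: str, hosts_deny: str):
    """Return (verdict, spawn_commands). hosts.allow is consulted first, then
    hosts.deny; the first matching rule wins, and no matching rule means ALLOW."""
    for rules, default in ((parse(hosts_allow), "ALLOW"), (parse(hosts_deny), "DENY")):
        for daemons, clients, options in rules:
            if not (any(match_daemon(p, daemon) for p in daemons)
                    and any(match_client(p, client) for p in clients)):
                continue
            verdict, spawned = default, []
            for opt in options:
                if opt in ("ALLOW", "DENY"):
                    verdict = opt           # explicit option overrides the file's default
                elif opt.startswith("spawn "):
                    spawned.append(expand(opt[len("spawn "):], daemon, client))
            return verdict, spawned
    return "ALLOW", []


# Constructed policy modelled on the thread: reject DNS liars first, admit sshd
# from one network, and end with the Bastille-style log-and-deny catch-all.
HOSTS_ALLOW = """\
ALL  : PARANOID : DENY
sshd : 192.0.2. : ALLOW
ALL  : ALL : spawn (/usr/sbin/safe_finger -l @%h | /bin/mail -s "Port Denial noted %d-%h" root) & : DENY
"""
HOSTS_DENY = "ALL : ALL\n"

if __name__ == "__main__":
    for daemon, addr in (("sshd", "192.0.2.10"), ("sshd", "192.0.2.20"),
                         ("in.ftpd", "192.0.2.10"), ("sshd", "203.0.113.7")):
        print(daemon, addr, decide(daemon, Client(addr), HOSTS_ALLOW, HOSTS_DENY))
```

The point the model makes is that a DENY in hosts.allow is final even though hosts.deny is never reached, so a catch-all like Bastille's belongs at the end of hosts.allow after every explicit ALLOW; and that PARANOID only fires when a reverse name exists and disagrees with the forward lookup, so a host with no reverse record at all falls through to the later rules instead.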